How to Measure Anything in Cybersecurity Risk

This is an excerpt from How to Measure Anything in Cybersecurity Risk by Douglas Hubbard and Richard Seiersen, which argues for a more quantitative approach to cybersecurity risk management. The authors contend that existing methods, such as risk matrices and risk scores, are flawed and hinder decision-making. They propose using quantitative methods to assess risk, including the assignment of probabilities and dollar impacts, and demonstrate how to apply these techniques through a series of practical examples. The book explores methods for calibrating experts, combining their estimates, and leveraging Bayesian methods to update beliefs about cybersecurity risks. It emphasizes the importance of continuous performance tracking and the use of prescriptive analytics for optimizing security investments. Ultimately, the authors aim to establish cybersecurity risk management as a strategic function, transforming it from an operational task to a data-driven discipline.You can listen and download our episodes for free on more than 10 different platforms:https://linktr.ee/cyber_security_summaryGet the Book now from Amazon:https://www.amazon.com/How-Measure-Anything-Cybersecurity-Risk/dp/1119892309?&linkCode=ll1&tag=cvthunderx-20&linkId=e75f8df3d1a6a11836fa7d1c69e87d25&language=en_US&ref_=as_li_ss_tlDiscover our free courses in tech and cybersecurity, Start learning today:https://linktr.ee/cybercode_academy

There are no comments yet.

Please log in to write the first comment.